HackDig : Dig high-quality web security articles for hacker

According to IBM X-Force data on the activity of financial malware operated by organized cybercrime groups, the Ursnif (aka Gozi) banking Trojan was the most active malware code in the financial sector in 2016 and has maintained its dominance through 2017 to date.
Ursnif’s activity is marked by both frequent code modifications and campaign activity in

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an

Kaspersky discovered a news strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information.
Security experts from Kaspersky have discovered a news strain of the infamous mobile banking trojan Faketoken that implements capabilities to detect and record an infected device’s calls and display

This is the first installment in an ongoing series about banking malware that faded away in 2017.
Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are

A flashlight app, fake videos or a fake gaming app? Any one of those could be malicious and harboring a mobile malware app, right there in a trusted official app store. In an ongoing trend, IBM X-Force noted that malicious apps manage to circumvent controls and infiltrate legitimate stores. And this is not about the plethora of adware apps infecting users in

Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication.
Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot) that leverages UPnP to open ports, allowing incoming connections from anyone on the Internet to commu

IBM X-Force Research recently observed a wave of malware-induced Active Directory (AD) lockouts across several incident response engagements. The lockouts caused hundreds to thousands of AD users to get locked out of their company’s domain in rapid succession, leaving employees of the impacted organizations unable to access their endpoints, company ser

IBM X-Force research follows organized cybercrime and continually monitors the criminals’ targets and modus operandi. In a recent analysis of TrickBot campaigns in the U.K., Australia and Germany, I found that the operators of the infamous Trojan have been adding new redirection attacks focused on a list of brands that I had never seen in the past.
Cur

On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infec

Coder in the Brazilian Cyber Criminal underground are Pioneering Cross-platform malware relying on Java archive (JAR) Files.
Recently security experts at PaloAlto Networks uncovered a new family of ransomware dubbed KeRanger that targets Mac OS X users, a circumstance that demonstrates that every OS is potentially at risk.
Now researchers at Kaspersky Lab ha

A new variant of the infamous Tinba banking trojan has emerged in the wild and is targeting financial institutions in the Asia Pacific region.
Even small threats can scare the giants, this is the case of Tinba, a small malware that continues to create serious problems for financial institutions. Tinba is a popular financial tr

A new run of Spy Banker banking malware infections has been targeting Portuguese-speaking victims in Brazil.While Spy Banker is an old threat, dating back to 2009 according to some security companies, the latest wrinkle attackers are taking is a new one. The campaign, spotted by researchers at Zscaler, spreads primarily over social media—Facebook for the m

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently.Here’s what you don’t want to miss from the week of September 28, 2015:A massive data breach at Experian – one of largest credit report

Conspicuously off the grid for close to two months, the Dridex banking Trojan made some noise Thursday morning when a large phishing campaign, primarily targeting victims in the U.K., was corralled by researchers at Palo Alto Networks.The phishing emails are laced with a Microsoft Word document that entices users to enable macros that call out to attacker-co

On September 18, 2015, we saw an activity on koreatimes.com where we captured a malicious binary. We investigated further and found that this campaign is specifically targeted to Korean sites and Korean banks. We looked at our logs for this year and found more Korean websites infected:
koreatimes.com (Sep. 18, 2015)
filehon.com(May 30, 2015)
joara.com (May